NormanWenzelWSS / Webgoat-2


webwolf-8.2.1-SNAPSHOT.jar: 8 vulnerabilities (highest severity is: 9.8) #18

Open mend-for-github-com[bot] opened 2 years ago

mend-for-github-com[bot] commented 2 years ago
Vulnerable Library - webwolf-8.2.1-SNAPSHOT.jar

Found in HEAD commit: 50449e8346df657611a75bc79e49c2e4cb325b5b

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2021-43466 | High | 9.8 | thymeleaf-spring5-3.0.12.RELEASE.jar | Transitive | N/A | |
| CVE-2021-22118 | High | 7.8 | spring-web-5.3.4.jar | Transitive | N/A | |
| CVE-2021-3859 | High | 7.5 | undertow-core-2.2.4.Final.jar | Transitive | N/A | |
| CVE-2021-3690 | High | 7.5 | undertow-websockets-jsr-2.2.4.Final.jar | Transitive | N/A | |
| WS-2016-7107 | Medium | 5.9 | spring-security-web-5.4.5.jar | Transitive | N/A | |
| CVE-2021-3597 | Medium | 5.9 | undertow-core-2.2.4.Final.jar | Transitive | N/A | |
| CVE-2021-22060 | Medium | 4.3 | spring-web-5.3.4.jar | Transitive | N/A | |
| CVE-2021-22096 | Medium | 4.3 | multiple | Transitive | N/A | |

Details

CVE-2021-43466

### Vulnerable Library - thymeleaf-spring5-3.0.12.RELEASE.jar

Modern server-side Java template engine for both web and standalone environments

Library home page: http://www.thymeleaf.org

Dependency Hierarchy:
- webwolf-8.2.1-SNAPSHOT.jar (Root Library)
  - spring-boot-starter-thymeleaf-2.4.3.jar
    - :x: **thymeleaf-spring5-3.0.12.RELEASE.jar** (Vulnerable Library)

Found in HEAD commit: 50449e8346df657611a75bc79e49c2e4cb325b5b

Found in base branch: main

### Vulnerability Details

In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.

Publish Date: 2021-11-09

URL: CVE-2021-43466

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version

Origin: https://www.thymeleaf.org/releasenotes.html#thymeleaf-3.0.13

Release Date: 2021-11-09

Fix Resolution: org.thymeleaf:thymeleaf-spring3:3.0.13.RELEASE;org.thymeleaf:thymeleaf-spring4:3.0.13.RELEASE;org.thymeleaf:thymeleaf-spring5:3.0.13.RELEASE

CVE-2021-22118

### Vulnerable Library - spring-web-5.3.4.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Dependency Hierarchy:
- webwolf-8.2.1-SNAPSHOT.jar (Root Library)
  - spring-boot-starter-web-2.4.3.jar
    - :x: **spring-web-5.3.4.jar** (Vulnerable Library)

Found in HEAD commit: 50449e8346df657611a75bc79e49c2e4cb325b5b

Found in base branch: main

### Vulnerability Details

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Publish Date: 2021-05-27

URL: CVE-2021-22118

### CVSS 3 Score Details (7.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2021-22118

Release Date: 2021-05-27

Fix Resolution: org.springframework:spring-web:5.2.15,5.3.7

CVE-2021-3859

### Vulnerable Library - undertow-core-2.2.4.Final.jar

Dependency Hierarchy:
- webwolf-8.2.1-SNAPSHOT.jar (Root Library)
  - spring-boot-starter-undertow-2.4.3.jar
    - :x: **undertow-core-2.2.4.Final.jar** (Vulnerable Library)

Found in HEAD commit: 50449e8346df657611a75bc79e49c2e4cb325b5b

Found in base branch: main

### Vulnerability Details

A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.

Publish Date: 2021-10-05

URL: CVE-2021-3859

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/undertow-io/undertow/commit/db0f5be43f8e2a4b88fbedd2eb6d5a95a29ceaa8

Release Date: 2021-10-05

Fix Resolution: io.undertow:undertow-core:2.2.15.Final

CVE-2021-3690

### Vulnerable Library - undertow-websockets-jsr-2.2.4.Final.jar

Dependency Hierarchy:
- webwolf-8.2.1-SNAPSHOT.jar (Root Library)
  - spring-boot-starter-undertow-2.4.3.jar
    - :x: **undertow-websockets-jsr-2.2.4.Final.jar** (Vulnerable Library)

Found in HEAD commit: 50449e8346df657611a75bc79e49c2e4cb325b5b

Found in base branch: main

### Vulnerability Details

A flaw was found in Undertow before 2.0.40 and 2.2.10. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

Publish Date: 2021-08-09

URL: CVE-2021-3690

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version

Origin: https://issues.redhat.com/browse/UNDERTOW-1935

Release Date: 2021-08-09

Fix Resolution: io.undertow:undertow-websockets-jsr:2.0.40.Final, 2.2.10.Final

WS-2016-7107

### Vulnerable Library - spring-security-web-5.4.5.jar

spring-security-web

Library home page: https://spring.io/spring-security

Dependency Hierarchy:
- webwolf-8.2.1-SNAPSHOT.jar (Root Library)
  - spring-boot-starter-security-2.4.3.jar
    - :x: **spring-security-web-5.4.5.jar** (Vulnerable Library)

Found in HEAD commit: 50449e8346df657611a75bc79e49c2e4cb325b5b

Found in base branch: main

### Vulnerability Details

CSRF tokens in Spring Security are vulnerable to a breach attack. Spring Security always returns the same CSRF token to the browser.

Publish Date: 2016-08-02

URL: WS-2016-7107

### CVSS 3 Score Details (5.9)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2016-7107

Release Date: 2016-08-02

Fix Resolution: org.springframework.security:spring-security-web - 5.2.14.RELEASE,5.3.13.RELEASE,5.5.4,5.4.10

CVE-2021-3597

### Vulnerable Library - undertow-core-2.2.4.Final.jar

Dependency Hierarchy:
- webwolf-8.2.1-SNAPSHOT.jar (Root Library)
  - spring-boot-starter-undertow-2.4.3.jar
    - :x: **undertow-core-2.2.4.Final.jar** (Vulnerable Library)

Found in HEAD commit: 50449e8346df657611a75bc79e49c2e4cb325b5b

Found in base branch: main

### Vulnerability Details

A flaw was found in Undertow where HTTP2SourceChannel fails to write the final frame under some circumstances, which may result in DoS. The highest impact of this vulnerability is availability.

Publish Date: 2021-06-11

URL: CVE-2021-3597

### CVSS 3 Score Details (5.9)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version

Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1970930

Release Date: 2021-06-11

Fix Resolution: io.undertow:undertow-core:2.2.8.Final

CVE-2021-22060

### Vulnerable Library - spring-web-5.3.4.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Dependency Hierarchy:
- webwolf-8.2.1-SNAPSHOT.jar (Root Library)
  - spring-boot-starter-web-2.4.3.jar
    - :x: **spring-web-5.3.4.jar** (Vulnerable Library)

Found in HEAD commit: 50449e8346df657611a75bc79e49c2e4cb325b5b

Found in base branch: main

### Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.

Publish Date: 2022-01-10

URL: CVE-2021-22060

### CVSS 3 Score Details (4.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: Low
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-6gf2-pvqw-37ph

Release Date: 2022-01-10

Fix Resolution: org.springframework:spring-core:5.2.19, 5.3.14; org.springframework:spring-web:5.2.19, 5.3.14

CVE-2021-22096

### Vulnerable Libraries - spring-web-5.3.4.jar, spring-webmvc-5.3.4.jar

### spring-web-5.3.4.jar

Spring Web

Library home page: https://github.com/spring-projects/spring-framework

Dependency Hierarchy:
- webwolf-8.2.1-SNAPSHOT.jar (Root Library)
  - spring-boot-starter-web-2.4.3.jar
    - :x: **spring-web-5.3.4.jar** (Vulnerable Library)

### spring-webmvc-5.3.4.jar

Spring Web MVC

Library home page: https://github.com/spring-projects/spring-framework

Dependency Hierarchy:
- webwolf-8.2.1-SNAPSHOT.jar (Root Library)
  - spring-boot-starter-web-2.4.3.jar
    - :x: **spring-webmvc-5.3.4.jar** (Vulnerable Library)

Found in HEAD commit: 50449e8346df657611a75bc79e49c2e4cb325b5b

Found in base branch: main

### Vulnerability Details

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

Publish Date: 2021-10-28

URL: CVE-2021-22096

### CVSS 3 Score Details (4.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: Low
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version

Origin: https://tanzu.vmware.com/security/cve-2021-22096

Release Date: 2021-10-28

Fix Resolution: org.springframework:spring-core:5.2.18.RELEASE,5.3.12;org.springframework:spring-web:5.2.18.RELEASE,5.3.12;org.springframework:spring-webmvc:5.2.18.RELEASE,5.3.12;org.springframework:spring-webflux:5.2.18.RELEASE,5.3.12